II. AMENDMENTS TO THE CLAIMS 

The following listing of claims replaces all prior versions, and listings, of claims in the 
application: 

1 . (Previously Presented) An authentication method for a distributed data processing 
environment in which a server data processing system has access to a repository storing cipher- 
protected client passwords, the cipher-protected client passwords having been generated by 
applying a cipher function to the client passwords, the method comprising: 

a process at the client data processing system applying the cipher function to the client 
password which corresponds to the stored cipher-protected client password, thereby to generate a 
cipher-protected client password which is equivalent to the stored cipher-protected client 
password; 

performing an authentication check using the client data processing system's cipher- 
protected client password and the server data processing system's stored cipher-protected client 
password as a shared secret for said authentication check, 

wherein the authentication check is adapted to be performed without having the client 
password in a cleartext format on the server data processing system, and 

wherein the authentication method is adapted to function without additional software 
infrastructure. 

2. (Original) A method according to claim 1, wherein the authentication check includes 
performing a mutual challenge-response authentication protocol check. 

3. (Previously Presented) A method according to claim 1, wherein the cipher function is an 
encryption algorithm and wherein the cipher-protected client password comprises a salt and a 
character string. 



10/007,859 



Page 2 of 14 



4. (Previously Presented) A method according to claim 3, wherein the authentication check 
comprises generating a common secret session key at both the client and server data processing 
systems using the cipher-protected client password generated at the client with the encryption 
algorithm and the stored cipher-protected client password at the server that is encrypted with the 
encryption algorithm and using this common secret session key in a mutual challenge-response 
authentication protocol. 

5. (Original) A method according to claim 4, wherein the common secret session key is generated 
by applying a cipher function to each of the generated encrypted client password at the client and 
the stored encrypted client password at the server. 

6. (Original) A method according to claim 1, wherein the cipher function is a hash function. 

7. (Original) A method according to claim 1, wherein each cipher-protected client password 
stored in the repository is stored together with a respective token, and the cipher-protected client 
passwords are generated by combining the client passwords with the respective token and 
applying the cipher function to the combination, and wherein the method includes: 

a process at the server data processing system retrieving from the repository the 
respective token for a stored cipher-protected client password, and transmitting the token to a 
client data processing system; and 

the process at the client data processing system applying the cipher function to the 
combination of the transmitted token and the client password which corresponds to the stored 
cipher-protected client password, thereby to generate the equivalent cipher-protected client 
password for use as a shared secret. 

8. (Original) A method according to claim 7, wherein the token is a random number. 

9. (Original) A method according to claim 1, wherein the server data processing system's 
password repository is preferably integrated within the operating system of the server data 
processing system. 
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10. (Previously Presented) A method according to claim 9, wherein the operating system is an 
operating system conforming to the UNIX operating system standard or derived from a UNIX 
conforming operating system. 

1 1 . (Original) A method according to claim 10, wherein the encryption algorithm is provided by 
the UNIX cryptO function. 

12. (Previously Presented) An authentication method for a distributed data processing 
environment in which a server data processing system has access to a repository storing cipher- 
protected client passwords, each cipher-protected client password being stored together with a 
respective token, the cipher-protected client passwords having been generated by combining the 
client passwords with the respective token and applying a cipher function to the combination, the 
method comprising: 

a process at the server data processing system retrieving from the repository the 
respective token for a stored cipher-protected client password, and transmitting the token to a 
client data processing system; 

a process at the client data processing system applying the cipher function to the 
combination of the transmitted token and the client password which corresponds to the stored 
cipher-protected client password, thereby to generate a cipher-protected client password which is 
equivalent to the stored cipher-protected client password; and 

using the client data processing system's cipher-protected client password and the server 
data processing system's stored cipher-protected client password as a shared secret for a mutual 
challenge-response authentication check, 

wherein the authentication method is adapted to be performed without having the client 
password in a cleartext format on the server data processing system, and 

wherein the authentication method is adapted to function without additional software 
infrastructure. 
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13. (Previously Presented) A computer program product comprising program code recorded on a 
machine-readable recording medium, wherein the program code includes a server process for 
participating in a mutual challenge-response authentication protocol, the server process having 
access to a repository storing a cipher-protected copy of client passwords, the cipher protected 
client passwords having been generated by applying a first cipher function to the client 
passwords, the server process comprising: 

means, responsive to a client process indicating a requirement for an operation to be 
performed, for generating a server challenge and for transmitting the server challenge to the 
client process, thereby to enable the client process: 

(i) to generate a cipher-protected client password by applying said first cipher 
function to the client's password, thereby to provide the client and server processes 
with a shared secret; and then 

(ii) to generate a client response and counter-challenge, the client response and 
counter-challenge including a message authentication code computed using the 
cipher-protected client password, and to forward it to the server process; 

means for receiving the client response and counter-challenge from the client process; 
means for accessing the repository and retrieving said stored cipher-protected client 
password; 

means for generating, using said stored cipher-protected client password, a message 
authentication code corresponding to an anticipated client response and counter-challenge, and 
for comparing the received and generated message authentication codes to determine whether 
they match; 

means, responsive to a match, for generating a server response to the client response and 
counter-challenge; and 

means for forwarding the server response to the client process to enable the client process 
to perform an authentication check, 

wherein the server process for participating in a mutual challenge-response authentication 
protocol is adapted to be performed without having Hie client password in a cleartext format on 
the server data processing system, and 
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wherein the program product is adapted to function without additional software 
infrastructure. 

14. (Previously Presented) A computer program product, comprising program code recorded on a 
machine-readable recording medium, wherein the program code includes a client process for 
participating in a mutual challenge-response authentication protocol, the client process 
comprising: 

means for indicating to a server process a requirement for an operation to be performed, 
thereby prompting the server process to generate and send a server challenge to the client 
process; 

means for applying a cipher function to the client's password to generate a cipher- 
protected client password; 

means, responsive to receipt of the server challenge, for generating a client response and 
counter-challenge, the client response and counter-challenge including a message authentication 
code computed using the cipher-protected client password; 

means for forwarding the client response and counter-challenge to the server process, 
thereby to prompt the server process to: 

(i) receive the client response and counter-challenge; 

(ii) access a repository storing a cipher-protected client password, generated by 
applying said cipher function to the client's password, to retrieve said stored cipher- 
protected client password; 

(iii) generate, using said stored cipher-protected client password, a message 
authentication code corresponding to an anticipated client response and counter- 
challenge; 

(iv) compare the received and generated message authentication codes to determine 
whether they match and, responsive to a match, to generate a server response to the 
client response and counter-challenge and to forward the server response to the client 
process; 

wherein the client process also includes: 
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means for generating a message authentication code corresponding to an anticipated server 
response, 

means for receiving the forwarded server response, and 

means for comparing the forwarded and anticipated server responses to determine whether 
they match, 

wherein the client process for participating in a mutual challenge-response authentication 
protocol is adapted to be performed without having the client password in a cleartext format on 
the server data processing system, and 

wherein the program product is adapted to function without additional software 
infrastructure. 

15. (Previously Presented) A data processing system including: 

a repository storing a cipher-protected copy of client passwords, the cipher-protected 
client passwords having been generated by applying a first cipher function; and 

a server process for participating in a mutual challenge-response authentication protocol 
with a client process having an associated client password, the server process comprising: 

means, responsive to a client process indicating a requirement for an operation to be 
performed, for generating a server challenge and for transmitting the server challenge to the 
client process, thereby to enable the client process: 

(i) to generate a cipher-protected client password by applying said first cipher 
function to the client's password, thereby to provide the client and server processes 
with a shared secret; and then 

(ii) to generate a client response and counter-challenge, the client response and 
counter-challenge including a message authentication code computed using the 
cipher-protected client password, and to forward it to the server process; 

means for receiving the client response and counter-challenge from the client process; 
means for accessing the repository and retrieving said stored cipher-protected client 
password; 

means for generating, using said stored cipher-protected client password, a message 
authentication code corresponding to an anticipated client response and counter-challenge, and 
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for comparing the received and generated message authentication codes to determine whether 
they match; 

means, responsive to a match, for generating a server response to the client response and 
counter-challenge; and 

means for forwarding the server response to the client process to enable the client process 
to perform an authentication check, 

wherein the data processing system is adapted to function without having the client 
password in a cleartext format on the server data processing system, and 

wherein the data processing system is adapted to function without additional software 
infrastructure. 

16. (Original) A distributed data processing system comprising a first data processing system 
according to claim 14 and a client data processing system, the client data processing system 
including a client process for: 

generating a cipher-protected client password by applying said first cipher function to the 
client's password, thereby to provide the client and server processes with a shared secret; 

generating a client response and counter-challenge to the server challenge, the client 
response and counter- challenge including a message authentication code computed using the 
cipher-protected client password; 

forwarding the client response and counter-challenge to the server process; 

receiving the forwarded server response; 

generating an anticipated server response and comparing the received and anticipated 
server responses to determine whether they match; and 

in response to a positive match, confinning successful authentication. 
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